<!--

    Copyright (c) 2005, 2018 Oracle and/or its affiliates. All rights reserved.
    Portions Copyright &#169; [2017-2020] Payara Foundation and/or affiliates.

    This program and the accompanying materials are made available under the
    terms of the Eclipse Public License v. 2.0, which is available at
    http://www.eclipse.org/legal/epl-2.0.

    This Source Code may also be made available under the following Secondary
    Licenses when the conditions for such availability set forth in the
    Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
    version 2 with the GNU Classpath Exception, which is available at
    https://www.gnu.org/software/classpath/license.html.

    SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0

-->
<!-- Portions Copyright [2019] [Payara Foundation and/or its affiliates] -->

<p><a id="ref-editcertrealm" name="ref-editcertrealm"></a><a id="GHCOM00101" name="GHCOM00101"></a></p>

<h4><a id="sthref202" name="sthref202"></a><a id="sthref203" name="sthref203"></a>Properties Specific to the <code>CertificateRealm</code> Class</h4>
<a name="BEGIN" id="BEGIN"></a>
<p>The <code>certificate</code> realm supports SSL authentication. This realm sets up the user identity in the Payara Server's security context, and populates it with user data obtained from cryptographically verified client certificates in the truststore and keystore files. Add users to these files using <code>keytool</code> or <code>certutil</code>.</p>
<p>With the <code>certificate</code> realm, Java containers handle authorization processing based on each user's Distinguished Name (DN) from his or her certificate. The DN is the name of the entity whose public key the certificate identifies. This name uses the X.500 standard, so it is intended to be unique across the Internet.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html">http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html</a></code>).</p>
<p>The following optional property is available for the <code>certificate</code> realm.</p>
<dl>
<dt>Assign Groups</dt>
<dd>
<p>A comma-separated list of group names. All clients who present valid certificates are assigned to these groups, for example, <code>employee,manager</code>, where these are the names of user groups.</p>
</dd>
</dl>


<small>Copyright &#169; 2005, 2017, Oracle and/or its affiliates. All rights reserved. <a href="docinfo.html">Legal Notices</a></small>
<small>Portions Copyright &#169; [2017-2020] Payara Foundation and/or affiliates.</small>
